Effective Date: May 31st, 2018
Last modified: June 21, 2021
By accepting our Terms of Service and this Policy and/or using our Apps, you agree that your personal information will be handled as described in this Policy. Your use of our Apps, which includes any services available through our Apps, is subject to this Policy and our Terms of Service, not including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.
Please note that our Apps may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites and We are not responsible for the information practices of such websites.
We are Hiya, Inc. We are the controller in relation to the personal information processed in accordance with this Policy (except where this Policy explains otherwise).
Our details – options to contact us:
The Hiya App enables users to: (a) identify incoming telephone calls and screen potentially unwanted calls; (b) select call management options for incoming calls by type of caller; (c) look up phone numbers manually or using reverse phone number look up features; (d) automatically forward incoming calls identified by Hiya as a potentially “unknown identity/reputation” that are either missed or rejected by the user to a voice messaging system hosted by Hiya and accessible through the App. The App is offered by Hiya on a purely opt-in basis and therefore user would have to affirmatively elect to use it. Similarly, users can disable the App at any time, even after opting in to use it.
We may process personal information relating to you if:
In case you are one of our users and access some of our Apps using your social networking account credentials, we may obtain information from Facebook, LinkedIn, Twitter and Google+: If you log into our Apps using these social networking accounts, you must enter your social networking account email address and password. We will ask that you grant us permission to your social networking account user IDs which we will use to authenticate you to use our Apps. Since your social network account user ID is unique, we do not have to create a new ID ourselves. Instead, we will use your social network account user ID to identify you as a user in our Apps. If you allow us to have access to your social network account user ID, then our Apps may be visible on your social network page that lists your “applications.”
We store your social network account user ID that we receive from your social network account along with other information that we collect from you or receive about you. The third-party social networking site will know that you are a user of our Apps and certain usage information. For information about how the social networks may use and disclose this information, including any information you make public, please consult their respective privacy policies. We have no control over how any third-party site uses or discloses the personal data it collects about you. Any access to and use of a social network is not governed by this Policy, but instead of governed by the policies of those social networks. We are not responsible for the information practices of such social network websites.
Our Apps are not designed for children under the Minimum Age (as defined in our Terms of Service) and Hiya does not make its’ Apps available to Children under the Minimum Age. If you are under the age of the Minimum Age, you may not download the Apps or use the Apps, you may not use any feature that requires registration, and you may not provide us with any of your personal details. If we discover that a child under the Minimum Age has provided us with personal information, we will delete such information from our systems.
We may obtain information about you in a variety of ways, including when you call, email or otherwise communicate with us (including through social media), or when you participate in events or other promotions. We also collect information given directly by you, by third parties (e.g., data providers, social networks), and automatically as you use our Apps. The personal information relating to you that we process may include the information set out below.
The information that we collect, whether from you directly or automatically, may be considered personal information in certain jurisdictions or personal data under the European General Data Protection Regulation (the "GDPR"). Whenever we refer to personal information in this Policy, it means personal information or personal data as defined by applicable laws in the relevant jurisdiction.
A key component of our Apps is to assist our users in identifying telephone calls including potentially unwanted telephone calls, as well as automatically forwarding incoming calls we identify as a potentially “unknown identity/reputation” that are either missed or rejected by the user to a voice messaging system hosted by Hiya. To do so, we may collect call and text log information automatically from our users’ devices and audio records if a caller leaves our user a voice message.
If you contact us, we will collect whatever information you choose to provide in your correspondence with us often this includes your phone number, email address or other contact details.
We also invite you to contribute information in and on our Apps, including your comments in spam reports, spam category, name corrections and any other information that you would like to be available on our Apps. You also may have the option to send a picture or your location through our Apps to someone you call. These pictures will not be available to all users, only to the receiver of the sent picture. We will not text or call any of your contacts without your explicit consent. If you contribute information to our Apps, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy. In general, if you choose to upload, post, transmit, or otherwise disclose information about other people to us, you confirm that you have the authority to use and share such information.
We may process personal information as necessary to perform our contract with our users, for our or third parties’ legitimate interests, especially to provide our Apps to you and other users, to assist our users in identifying potentially unwanted telephone calls and handling such calls, including the following:
To be able to provide the core, acknowledged feature of our Apps, namely spam and fraud prevention, it is essential to collect certain call-related data not just about our users, but also about the party on the other end of the phone call:
Where we rely on our and our users’ legitimate interests to identify unwanted callers and protect mobile users from spam and fraudulent calls, we have carried out appropriate legitimate interest assessments (“LIA”) to demonstrate that we have compelling legitimate grounds for the processing which override the fundamental rights and freedoms of the people whose personal data we process. For more details on the LIA please contact as at the following e-mail address: email@example.com. The LIA is made available to you upon request.
Also, we are dedicated to provide sufficient information on our data processing in this Policy and ensure adequate and easy access to data subject rights not just for our users but for anyone, whose personal data we collect, including you. If you want to know more about what rights you have or how you can exercise them, please see the Section “What are your rights?” and “How can you exercise your rights?” of this Policy by following this link.
The legal bases on which we process your personal information is described below:
More specifically, and in some cases in addition to the purposes described above, we may use the information we collect for a variety of other purposes, such as the following:
We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.
The information that we process in relation to you may be transferred to, and stored at, a destination outside the jurisdiction where you are located. If you are located in the European Economic Area ("EEA") your personal data may be transferred outside the EEA to a destination that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our partners. Your information for example could be transferred to the USA, Canada, Brazil, Singapore and Australia.
Where personal information is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards and that it is treated securely and in accordance with this Policy, such as relying on a recognized legal adequacy mechanism which may include entering into EC approved standard contractual clauses relevant to transfers of personal information.
Following the Judgment of the Court of Justice of the European Union (“CJEU”) in Case C-311/18, we have reviewed our existing SCCs and also adopted additional measures to ensure maximum compliance with the new requirements regarding international data transfers arising out of the above Judgment of the CJEU.
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. We may retain some of your information even after you uninstall or disable an App or close your account, except if you instructed us otherwise.
In particular, we may continue to process information from your call logs and spam reports, which you granted us access to before uninstalling or disabling an App or closing your account, strictly for statistical purposes, in order to enable us to improve our algorithms and our services. We will not use this information for any other purposes, and the processing will have no effect on you or any other natural person. The information will not be shared with any third parties, and we take appropriate measures to ensure that the information is safe with us.
You may make the following requests in relation to personal data relating to you that we process. Your rights and our obligations under the applicable law in relation to such requests may depend on the circumstances:
The California Consumer Protection Act (CCPA) applies to residents of the State of California, United States. You can read about how Hiya complies with the CCPA in our Privacy Notice for California Residents.
You can stop all information collection by the App by disabling call forwarding and deactivating your account by following the instructions on the App’s Protect screen and then uninstalling the App using the standard uninstall process for your device. If you uninstall the App from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the App on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
You may exercise your rights, including your right to withdraw your consent and access to your personal data, by:
- contacting us at Hiya Customer Service
- writing to us at any of the addresses specified on the top of this document.
You may also modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the App for a period of time.
Please note that we may be required to ask you for further information so we may confirm your identity before we respond to your request.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with a supervisory authority, in particular in the European Union member state of your habitual residence, place of work, or the place where the infringement of your rights took place. The list of competent supervisory authorities is available here. Also, you may bring a proceeding against us, as data controller before the courts of the EU member state of our establishment or your habitual residence, if you consider that your rights under the GDPR have been infringed.
In addition to the above tools, and as referenced in this Policy, any affected individual may contact our Data Protection Officer with an objection or policy concern via e-mail at firstname.lastname@example.org.
We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer/phone, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
While the Apps do not rely on solely automated decision-making, where the decision would have a legal or similar effect on you, we do make use of automated profiling of spammers and unwanted callers by categorizing them as a type of nuisance or fraud calls, as this is essential to offer our Apps.
However, in any case, if you suspect or become aware that your phone number has been falsely categorized as spam, you have several options to object, challenge the decision and require human intervention to correct it. For further details about how you may report such a problem, please see Section “How can you exercise your rights?” of this Policy by following this link.
We also regularly monitor whether our data and the derived profiles are up-to-date and accurate.
If you have given your consent, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post changes to this Policy on our Apps. If we make any changes to this Policy that materially affect our practices with regard to the personal information, we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Apps and their corresponding Web sites, sending a push notification, or displaying on any of the Web sites associated with our Apps.